Phishing attacks are attempts to steal passwords and other personal information. One way fraudsters do this is by tricking people into visiting fake websites. There are other dirty tricks used to commit identity theft. Consider three ways to protect yourself from phishing attacks: education, intuition and technology.
You are already protecting yourself by reading this article. Since you probably found this through a search engine, make sure you read the other articles from the results. If you just want to protect yourself, a general understanding of the current dirty tricks will keep you from becoming a victim.
Understand this: phishing is just one of a slew of social engineering tactics being used against people every day. These tactics can be very sophisticated, so we must be vigilant at all times.
Throughout this article, you will see references to tools and sites. Be sure to investigate them.
General Phishing Information
Wikipedia has a pretty good overview of phishing. However, the editors seem to think that the page is not up to par. Still, you’ll get a good idea of the subject.
Google can help. Just type “phishing information” in the search box and explore the results. At the time this article was written, the number one result was phishinginfo.org. This site has a wealth of information and practical advice.
In-Depth Phishing Material
If you are interested in learning more about phishing than you’ll find on general websites, you can start by going deep into the
Social Engineering Information
A good book to read is The Art of Intrusion, by Kevin D. Mitnick, a reformed hacker. Using case studies, Mitnick explains how he tricks employees into giving him whatever he needs to penetrate a company’s supposedly secure systems. You may also wish to check out his website, MitnickSecurity.com.
Your intuition, believe it or not, can be a powerful defense against phishing. If a stranger approaches you on the street with a sob story, you can usually smell a fishy tale (sorry about the pun!). Email should be treated the same way.
We should all know by now that banks never ask for personal information in emails! This helps your intuition when you get a legitimate-looking email asking you to update your information.
Poor spelling and grammar are two other things that should stir the hairs on the nape of your neck. By paying attention to your intuition, you will know when to be suspicious. By educating yourself, you’ll be able to confirm whether you are being targeted by a phishing attack.
There are two types of anti-phishing technology. Active anti-phishing technology attempts to alert you or your ISP whenever it detects suspicious content. Passive anti-phishing technology relies on your situational awareness to protect yourself from phishing attacks.
Active Anti-phishing Technology
Because phishing attacks primarily use email, it is no surprise that there are many products and services designed to protect your email, either before you get it or after it arrives in your inbox. Proactive ISPs can blacklist emails from suspicious addresses, and your spam filter may catch a few. Your email program has some other defensive measures. For example, Gmail gives a warning when it detects that a link does not go where the link text says it goes.
There is so much software available that you may become overwhelmed. Here is an easy way to digest it all. Just think about your online habits. If you tend to visit the same few sites, you can focus on protecting your email. If you like to surf random download sites, you need to research more extensively to protect yourself from malware, pharming attacks and other security threats.
Finally, if you spend a lot of time on social media websites, you know that website addresses are often “shortened”. Services like bit.ly, budurl.com and tinyurl.com disguise the true address. You should research browser add-ons that allow you to preview the website addresses. Bit.ly preview is one such add-on for Firefox.
Passive Anti-phishing Technology
Web browsers usually highlight the real website address when you place your cursor over a link in an email. Just by making a habit of previewing these links, you can thwart the most obvious phishing attacks.
Most browsers allow you to save passwords for the websites that require you to log in. This is almost an ideal passive system! Since the passwords are linked to a specific website address, you can eliminate phishing attacks by never clicking on email links. To verify or refute a suspicious email, either type the address directly into your browser or browse through your favorites and click on the website. Then, let the password manager log you in.
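Why a saved password stays put on a look-alike page can be shown with a toy model. This is an added example, not the code of any browser or of RoboForm; it assumes the manager matches on the exact scheme, host and port (real products differ in detail), and the Vault class and every address below are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port) for an http(s) URL, or None for anything else."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    return (scheme, parts.hostname.rstrip("."), parts.port or DEFAULT_PORTS[scheme])

class Vault:
    """Toy credential store keyed by the origin on which each login was saved."""
    def __init__(self):
        self._logins = {}

    def save(self, url, username, password):
        key = origin(url)
        if key is None:
            raise ValueError("not a web page address: %r" % url)
        self._logins[key] = (username, password)

    def autofill(self, url):
        """Offer the saved login only when the page's origin matches exactly."""
        return self._logins.get(origin(url))

# Constructed addresses: the first is the saved site, the rest only resemble it.
PAGES = [
    "https://www.example-bank.test/accounts/login",
    "https://www.example-bank.test.verify-login.test/",   # real name used as a subdomain
    "https://www.examp1e-bank.test/login",                 # digit 1 in place of letter l
    "https://www.example-bank.test@verify-login.test/",    # real name in the userinfo part
    "http://www.example-bank.test/accounts/login",         # same host, unencrypted scheme
]

def autofill_report():
    """Map each constructed page to whether the vault would fill in the saved login."""
    vault = Vault()
    vault.save("https://www.example-bank.test/", "alice", "constructed-password")
    return {page: vault.autofill(page) is not None for page in PAGES}
```

Only the first address in PAGES gets the login filled in; a password manager that stays silent on a page that looks right is itself a warning sign.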
Password managers in your browser are fine if you only connect to the Internet from your personal computer. However, if you frequently use public computers, you need to take the password manager concept to a new level. You need a USB key and a program like RoboForm.
USB key software is ideal for providing security in your mobile environment. If you keep a portable version of Firefox on your USB key, you never have to worry about someone tracking your browsing history. If you use RoboForm, you will learn to navigate and log in to your favorite websites right from the RoboForm address bar. This stops phishing attacks in their tracks and has the added bonus of defeating keyboard monitoring software that may have been installed on a computer.
Now that you know a bit more about phishing attacks, take steps to protect yourself. Read up on the latest security threats. Pay attention to your gut feelings. Try to use the available technology to keep your identity and your computer safe.